javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-

Hello People,
I am trying to connect to Active Directory through jNDI and i keep getting the following error. I saw a lot of people asking hte same question, but no one ever put the solution they found. Can any one be considerable to help me.

Thanks

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893


The following is my DirContext settings

env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

env.put(Context.PROVIDER_URL,"ldap://hodcserver.howost.strykercorp.com:389");

env.put(Context.SECURITY_AUTHENTICATION,"simple");

env.put(Context.SECURITY_PRINCIPAL,"uid=userName,ou=Information Technology Team,ou=New Jersey,dc=ost,dc=srcorp,dc=com");

env.put(Context.SECURITY_CREDENTIALS,"pass");

Error code 49 is the equivalent of bad credentials at login. If you are trying to connect to AD the best method is to bind using sAMAccountName@corp.XXX.com as the user instead of the standard full DN

HTH

Hi,
Thanks for your reply. I was trying to figure out how i will bind the sam account instead of complete DN, Can you pls, pls provide me with syntax.

Regards
VIk

So I am not so good with the java - but I would imagine you would bind by replacing

"uid=userName,ou=Information Technology Team,ou=New Jersey,dc=ost,dc=srcorp,dc=com"

with
"useraccountname@corp.xxx.com"

- where useraccountname is the login ID and XXX is the domain your AD runs in ...

Thanks ldap4you,
in your post I found the solution for my problem!
And for all others: you must use the strange syntax which ldap4you described, if you want to contact AD.
I tested it first with the LDAP Browser\Editor v2.8.2 by Derek Gawor, which is good tool.
Good Luck for everybody!

HI, I am also facing with the same problem. I tried with the LDAP browser, saying "Insufficient Access" or "Credential" problem. Can you please tell how you tested it and how it got resolved?

you can mail me directly to(E-Mail address blocked: See forum rules)

Thanks in advance.

Regards,
Chandu.

Thank you sooooo much I didn't try it with the domain name at the end!

Hi all,

I am getting the same error. Please let me explain what i have encountered.

In the active directory (version 2003), the administrator can actually limit the access of a particular user to a certain workstation. This can be set by putting the workstation host name or IP (which is allowed to accessed by the user) into a "log on to" list (at the user level). If the administrator wants the user to be able to log on to any workstation, then he / she can check on the "log on to all computer" in the same screen.

When my user has been set to "log on to all computer", i don't encounter the error message i.e. error code 49, as mentioned in the subject of this topic. However, when a particular user has been limited to only access to his own workstation, the error appears. However, if the Active Directory server host name or IP has been added into the "log on to" list, the authentication is successful.

My web application is actually running on an application server and the user is using Internet Explorer to login to my application. The application server has been joined to the same domain as the Active Directory server. My question is, is it a must that the Active Directory server name be added to the "log on to" list of that particular user in order for it to be authenticated by Active Directory. I have been cracking my head for this but still i can't think of any solution for this. I definitely don't want to add the AD server name into the list as this will give the user rights to login to the AD server. Any advise would be of great help. Thanks a million in advance.